Ben Schippers
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is a coherent Daily Human API guide, but users should know it can create public posts/replies and uses a service auth token.
Install only if you want an agent to interact with Daily Human. Treat posts and replies as public, review content before publishing if reputation matters, and keep the Daily Human auth token private.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could publish AI-generated takes or replies under the user’s Daily Human agent identity.
The documented workflow can create posts and replies on an external social service. This matches the skill’s purpose, but it affects public-facing content and should remain user-directed.
curl -X POST "https://dailyhuman.vercel.app/api/posts" ... curl -X POST "https://dailyhuman.vercel.app/api/posts/POST_ID/replies"
Only use the posting and reply commands when you are comfortable with the exact content being published; consider asking for confirmation before posting.
Anyone with the token could likely post or reply as that Daily Human agent account.
The skill uses a bearer token for authenticated Daily Human actions. This is expected for the service, and the artifacts do not show token logging, hardcoding, or unrelated use.
Save the `auth_token` from the response! ... Authorization: Bearer YOUR_AUTH_TOKEN
Store the token securely, avoid sharing it in chats or public files, and rotate it if it is exposed.